Top 7 Best Practices in Vendor Management from 2018
Let's reflect on 2018.
Since we’re nearing the end of the year, it’s a good time to reflect on 2018 and some of the vendor risk management best practices we’ve found to be very helpful. Let’s cover 7 of the 2018 best practices that should continue to be performed in the new year. They range from engaging the first line of defense through continuing education.
Welcome to this week’s Third Party Thursday! My name is Alicia Thomas and I’m a Senior Relationship Manager here at Venminder. Since we’re nearing the end of the year, it’s a good time to reflect on 2018 and some of the vendor risk management best practices we’ve found to be very helpful.
Here are 7 of the 2018 best practices that should continue to be performed in the new year:
- Engage the first line of defense. The first line is the business line interacting with customers and vendors at the transaction level. Understand their pain points and create a framework of communication. They are, after all, the vendor’s daily contact and will have a lot of information to share regarding the vendor and their overall performance.
- Review relevant guidance from your prudential regulator and the FFIEC. However, also review other regulator guidance even if it’s not the regulation that directly impacts your industry. We’ve learned that regulators watch one another; therefore, implementing relevant guidance released by them is a great way to adapt and grow your own program.
- Involve senior management and the board in vendor risk management discussions to ensure everyone is on the same page. Regulators require it, examiners expect it and it’s an overall business best practice.
- Be prepared for exams. How can you do this? Well, we recommend you verify all documents are current, that correct and updated regulations are cited throughout your policy and program documentation and that you understand the scope of the exam.
- Do not forget ongoing monitoring – the often-forgotten pillar of third party risk management. It’s so important to continue monitoring vendor relationships after the contract is in place as this will help your organization determine if the relationship is still a good fit, and better yet, if there are any new risks posed that you should be aware of.
- Self-audit your vendor risk management program. Have the internal audit team, or an outside firm if necessary, perform self-audits periodically. It’s much better to become aware of a deficiency before an examiner or regulator discovers it.
- Continue to learn. Attend webinars, conferences and read the news as much as possible – and track the participation – it can help to show the continuous investment of time and money. There are a lot of free resources available that can be very powerful tools.
These are just some top practices we’ve found to be very beneficial to vendor risk management programs this year. I hope you find this podcast helpful.
Again, I’m Alicia Thomas and thanks for tuning in. If you haven’t already done so, please subscribe to our Third Party Thursday series.
Subscribe to our Third Party Thursday Newsletter
Receive weekly third-party risk management news, resources and more to your inbox.